The Worst Passwords of 2020 Show We Are Just As Lazy About Security As Ever

After analyzing 275,699,516 passwords leaked during 2020 data breaches, NordPass and partners found that the most common passwords are incredibly easy to guess — and it could take less than a second or two for attackers to break into accounts using these credentials. Only 44% of those recorded were considered “unique.” ZDNet reports: On Wednesday, the password manager solutions provider published its annual report on the state of password security, finding that the most popular options were “123456,” “123456789,” “picture1,” “password,” and “12345678.” With the exception of “picture1,” which would take approximately three hours to decipher using a brute-force attack, each password would take seconds using either dictionary scripts — which compile common phrases and numerical combinations to try — or simple, human guesswork.

As one of the entrants on the 200-strong list describes the state of affairs when it comes to password security, “whatever,” it seems many of us are still reluctant to use strong, difficult-to-crack passwords — and instead, we are going for options including “football,” “iloveyou,” “letmein,” and “pokemon.” When selecting a password, you should avoid patterns or repetitions, such as letters or numbers that are next to each other on a keyboard. Adding a capital letter, symbols, and numbers in unexpected places can help, too — and in all cases, you should not use personal information as a password, such as birthdates or names.